Court ruling on access of police to DNA profile databases sets precedentDNA data is available even if users opt-out in a landmark ruling that could have serious privacy implications.

23andMe is reducing staff numbers by roughly 100 people, or 14 percent of its overall workforce, with its CEO citing privacy concerns as a potential reason for declining sales.

The company offers consumers DNA testing kits which may provide indicators of health predispositions, genetic traits, and ancestry. Saliva samples are posted to 23andMe, where they are processed in labs based in the United States.

When home DNA services went mainstream several years back, 23andMe, alongside rival companies including AncestryDNA, enjoyed strong sales rates. However, in recent times, it seems consumer appetite is waning.

23andMe is reducing its headcount and intends to focus on the direct-to-consumer business.

In an interview with CNBC, 23andMe CEO Anne Wojcicki said she was “surprised” at the downturn, which has been a “painful” journey for the DNA testing firm to endure.

While there is no straight answer as to why sales are plummeting, the executive told the publication that privacy may be a factor, alongside financial worries (after all, the kits begin at $99).

The novelty of discovering our genetic roots has worn off — not helped by studies that suggest they may be inaccurate, anyway — and there are real concerns over the security and privacy of our genetic profiles.

Unlike credit card numbers or home addresses, medical data and DNA cannot be changed, and should these records end up in the wrong hands, there could be serious ramifications.

For example, GEDmatch was the subject of a DNA profiling test in which researchers found that it was possible to extract someone’s sensitive genetic markers and create fake profiles of individuals apparently related to a target by making a relatively small number of DNA comparisons.

The possibility of being able to tamper with records to create familial relationships that do not exist is one factor. However, another facet of DNA services that is perhaps more crucial is the spread of genetic information beyond the databases of the companies that offer analysis services.

The case of the Golden State Killer, who was tracked down after a relative used DNA profiling, highlights how genetic information from home kits can be valuable to criminal investigations. There is a problem, though, in deciding how open databases should be to law enforcement.

While some of us would be willing to hand over this extremely personal information if it helps criminal investigations, others may be concerned over how much record access should be permitted, in relation to what happens to the records afterward, and the question of whether users should be able to consent — or not — to such searches.

In November 2019, a US judge approved a warrant for the police to search the full GEDmatch database during an investigation. GEDmatch compiled, which in turn generated leads for the police to follow. AncestryDNA and 23andMe will also only agree to such requests if required by law.

GEDmatch has a consent mechanism in place, but the ruling may open the floodgates to more warrants being issued in the future — potentially impacting the privacy of the millions of users of other, larger DNA services.

Can consumers be reassured? In the interview, Wojcicki said that privacy is now “top of mind” for the company’s executives, and in general, technology vendors must “better communicate privacy standards to build trust.”

When you know that law enforcement may be able to scour the DNA records of private companies at will, however, this assurance might not be enough.

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0